What is an .htaccess file?

An .htaccess (hypertext access) file is a directory-level configuration file for Apache web servers. It lets you set redirects, URL rewrites, access control, caching headers, and more without touching the main server config.

Where do I upload the .htaccess file?

Upload it to your web root — the same directory that contains your index.html or index.php file. The file must be named exactly ".htaccess" (with a leading dot, no extension).

Does .htaccess work on Nginx?

No. Nginx has its own configuration format. .htaccess is Apache-only. If you are on Nginx, the equivalent directives go in your nginx.conf or site configuration block.

guide

How to Write an .htaccess File Online — Free (2026)

By Rui Barreira · Last updated: 18 June 2026

The .htaccess Generator on brevio creates Apache configuration rules through a simple checkbox interface and outputs the ready-to-deploy file. No manual Apache syntax needed, nothing sent to a server.

What Is .htaccess?

.htaccess (hypertext access) is a directory-level configuration file for the Apache web server. It overrides server settings for the directory it lives in and all subdirectories. Common uses include URL redirects, security headers, access control, GZIP compression, and custom error pages.

How to Create a .htaccess File Step by Step

Open the .htaccess Generator.
Enable HTTPS redirect if your site uses SSL. This forces all HTTP traffic to the HTTPS version of your site with a 301 permanent redirect.
Remove .html extensions if you want clean URLs like /about instead of /about.html.
Set a custom 404 page URL. Enter the path to your custom error page, e.g. /404.html.
Enable GZIP compression to reduce HTML, CSS, and JavaScript file sizes over the wire (typically 60–80% reduction).
Set browser cache duration. Enable this and enter the number of days browsers should cache static files. 30 days is a safe default for assets.
Block directory listing to prevent visitors from seeing a raw file listing when no index file exists in a directory.
Restrict access by IP if you want to whitelist specific IPs for a staging environment or admin area.
Add security headers to set X-Frame-Options, X-Content-Type-Options, and Referrer-Policy automatically.
Copy and save. Click Copy .htaccess, then save the content as a file named exactly .htaccess (note the leading dot) and upload it to your web root.

Key .htaccess Rules Explained

HTTPS redirect

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This uses mod_rewrite to permanently redirect all non-HTTPS requests. The R=301 flag tells browsers and search engines this is a permanent redirect, which passes link equity in SEO.

GZIP compression

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css application/javascript
</IfModule>

Wrapped in <IfModule> to silently skip if mod_deflate is not enabled — safe to include on any server.

Security headers

<IfModule mod_headers.c>
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

X-Frame-Options SAMEORIGIN prevents your site from being embedded in an iframe on external domains (clickjacking protection). X-Content-Type-Options nosniff prevents MIME-type sniffing attacks. Referrer-Policy controls how much URL information is sent in the Referer header.

Where to Place .htaccess

Place the .htaccess file in your web root directory — typically /public_html/, /htdocs/, or /www/ depending on your hosting provider. It automatically applies to that directory and all subdirectories. You can also place separate .htaccess files in subdirectories to override parent settings.

Testing .htaccess Changes

Always test in a staging environment first. Incorrect .htaccess syntax causes a 500 Internal Server Error for the entire site. Use your hosting panel's error log to diagnose issues. Common mistakes: missing RewriteEngine On, incorrect file paths, and using Windows line endings (CRLF) instead of Unix (LF).

Frequently Asked Questions

Is .htaccess supported on all web servers?

.htaccess is specific to the Apache web server. Nginx uses server block configuration files and does not support .htaccess. If you are on Nginx, LiteSpeed (which has .htaccess compatibility mode), or a CDN like Cloudflare, some rules will not apply as written.

Does .htaccess slow down my site?

Slightly. Apache reads .htaccess on every request if AllowOverride is enabled. For high-traffic production sites, move rules to the server's main configuration file (httpd.conf or a virtual host config) and disable AllowOverride All. For most shared hosting, the overhead is negligible.

Why does my .htaccess not work?

Check: (1) AllowOverride All must be enabled in your Apache configuration — many shared hosts have this on by default; (2) mod_rewrite must be enabled for RewriteRule directives; (3) the file must be named exactly .htaccess with no extension; (4) use Unix line endings (LF), not Windows (CRLF).

Frequently Asked Questions

What is an .htaccess file?: An .htaccess (hypertext access) file is a directory-level configuration file for Apache web servers. It lets you set redirects, URL rewrites, access control, caching headers, and more without touching the main server config.
Where do I upload the .htaccess file?: Upload it to your web root — the same directory that contains your index.html or index.php file. The file must be named exactly ".htaccess" (with a leading dot, no extension).
Does .htaccess work on Nginx?: No. Nginx has its own configuration format. .htaccess is Apache-only. If you are on Nginx, the equivalent directives go in your nginx.conf or site configuration block.